I’m sorry guys, for some reason it said I double posted and cut all my content.
My OS - Vista Home x64
I recently noticed, upon following a trusted link in an email to a site I’ve visited before, that two text boxes appeared saying I have Malicious Software / Infections present. After the boxes appeared it opened “My Computer” and started a scan. I proceeded to X out the two text boxes and the scan… Afterwards I checked my NIS09 History log to see if it caught any activity of the event; the following happens every couple of minutes with 4-5 showing up. Here’s what my log says constantly: Info - Rule “Default Block UPnP Discovery” Stealthed (###.###.#.#, Port ssdp (####)). Inbound UDP Packet.
I proceeded to download updates for my Norton Internet Security 2009, Malwarebytes, SuperAntispyware, Windows Defender and Avast programs. I proceeded to safe mode and scanned with the following programs with nothing appearing but cookies on Malwarebytes. I then ran a thorough scan with archived files checked on Avast and it found the following: OSCust.exe, C:\Windows\SysWOW64\OEM\OSCust.exe, win32:Trojan-gen (other). It also showed at least 13 other files that it said could not be scanned and they all had random #'s.
I’m not sure how to get rid of this threat, I’ve never run into something that’s actually been able to get by Norton before. Also what I noticed is when I go into safe mode and open the virus chest it gives me this error: "Initialization of Chest files Action was completed with errors! Program cannot use Chest client:(null). Description: virus chest server is not running. RPC communication failed." I’m not really familiar with Avast considering I just started using it today, but I guess that means virus chest isn’t enabled in safe mode? Why wouldn’t it be?
Hi dema,
One of your problems is that you have two AVs installed (plus possibly one rogue program).
You will need to uninstall one of them, either Norton or Avast, for the computer to operate satisfactorily.
The presence of two AVs usually (ironically) creates a less secure environment, rather than providing extra security, plus places an extra load on system resources as both are operating, attempting to scan each other’s files at the same time etc.
My suggestion is to uninstall Norton internet security, run the Norton Removal Tool, repair Avast via the control panel “add/remove programs”, and then update MalwareBytes, and run a full scan in normal mode.
If you were to choose to uninstall Avast, the removal tool for same can be found here.
Most users I know of find Avast preferable to Norton products, but to be fair, I have read of some happy user experiences with NIS2009.
Your choice.
You need to install HijackThis on an admin account, and post the complete file in two parts (two separate posts) or use the “additional options” button at the left of the reply window when posting to attach it.
Maybe someone else will have a look at that. (I’m not trained in the use of them).
The log you’ve posted confirms the use of two AVs.
Uninstall one of them.
I’m scared to uninstall NIS09 with all the activity regarding the stealthed connections the firewall’s blocking, but I would rather use Avast. I’m not sure whatever is trying to get into my comp will once I uninstall… Also that is my entire HijackThis log, my comp’s fairly new and I ran it as administrator.
Vista Firewall is 2 ways so you don’t have to worry to uninstall Norton. I did it 10-15 mins on my customer and it’s worked so well after uninstall it lol. But Tarq will help you more than me in forum. Because I can’t really help very well in a forum but I can still suggest something ;D
Go to VirusTotal, http://www.virustotal.com/ and upload OSCust.exe from C:\Windows\SysWOW64\OEM\OSCust.exe (could be part of aliensoftware)
Copy/paste the log here
I’m not sure if it has to do with the alienware software, it’s appeared in the History Logs today which it hasn’t before. If it was the aliensoftware it would have an install date similar to the other software, wouldn’t it? This just appeared today. Also Mr Agent, I’m used to using Windows firewall with Norton Antivirus SystemWorks, but this is the first time I’ve installed NIS09 on one of my computers because I heard the firewall is better than Windows, but this is the first time I’ve ever had malware on either of my computers for three years.
I was asking you to navigate to C:\Windows\SysWOW64\OEM\OSCust.exe and load the file from there. If Avast has removed the file, then it will not be there anymore. I have read several threads on this file that relate to alienware; the file is usually flagged as suspicious, not necessarily malware.
You can export the file from the chest by this method >
Re Uploading to VirusTotal without an alert.
Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.
Hi, I couldn’t get to the forum for a bit. (micky77 is very knowledgeable about malware.)
Lost at standard shield: Here’s a step by step.
-Left click the system tray icon (Avast).
-From the GUI that opens, select “standard shield”, then click on “customize”, go to the “advanced” tab.
-Select “add”, type the path in to be excluded, if you follow micky’s suggestion it will be C:\Suspect.
-Move the file from the chest to that folder.
-Open www.virustotal.org, select upload a file, upload the file from this folder. Once analysis is complete (it will take a minute or 5), copy the address url, post it back here.
-You may well have to disable NIS while carrying out these actions. (I still think you should uninstall it, run the removal tool, repair Avast, and then check the Vista firewall is on. That can be done any time, but if it were me, I’d do it sooner rather than later. Prevent interference.)
Open the chest from the main Avast gui (right click tray icon, select “start avast”, wait for the memory test to complete, then select the chest.)
From the chest, right-click the file concerned, and from the options, select “extract”. An explorer window will open, inviting you to browse to the folder to extract the file to. Select the folder you’ve created for this purpose.
Should then be all good to go.
(Sorry about the delay replying, had to go to work.)
Funny one, this one. Did it say ‘this file already analyzed’? If so, tick re-analyze. What the results mean is, 16/41 say this file is bad. So if it was on my pc, I would want rid. My personal thoughts are, this file is ‘suspicious’. The only good thing I can say is, if you check the MD5 number and google, another scanner, a year ago, found 6/36 including the well respected Avira, however they do not now detect it, so they must have examined it, thought it was a FP, and harmless; on the other hand the number has risen. http://virscan.org/report/39e10d4972b08ca2af4dbd897aa80a37.html http://www.virustotal.com/analisis/29d7e43b5d295921b3710558c07f2384bf17e28012018d5c9a8f12f6bfb23872-1250365797
Try the re-analyze option
As long as the file is gone, I would not worry too much